Diffstat (limited to 'usr/src/cmd/cmd-inet/common')
| -rw-r--r-- | usr/src/cmd/cmd-inet/common/kcmd.c | 52 | ||||
| -rw-r--r-- | usr/src/cmd/cmd-inet/common/kcmd.h | 15 | ||||
| -rw-r--r-- | usr/src/cmd/cmd-inet/common/store_forw_creds.c | 106 | ||||
| -rw-r--r-- | usr/src/cmd/cmd-inet/common/store_forw_creds.h | 48 |
4 files changed, 159 insertions, 62 deletions
diff --git a/usr/src/cmd/cmd-inet/common/kcmd.c b/usr/src/cmd/cmd-inet/common/kcmd.c
index 9002c96ba9..5ef65daed2 100644
--- a/usr/src/cmd/cmd-inet/common/kcmd.c
+++ b/usr/src/cmd/cmd-inet/common/kcmd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -457,56 +457,6 @@ strsave(char *sp)
  return (ret);
 }
 
-/*
- * Decode, decrypt and store the forwarded creds in the local ccache.
- */
-krb5_error_code
-rd_and_store_for_creds(krb5_context context,
- krb5_auth_context auth_context,
- krb5_data *inbuf,
- krb5_ticket *ticket,
- char *lusername,
- krb5_ccache *ccache)
-{
- krb5_creds ** creds;
- krb5_error_code retval;
- char ccname[64];
- struct passwd *pwd;
- uid_t uid;
-
- *ccache = NULL;
- if (!(pwd = (struct passwd *)getpwnam(lusername)))
- return (ENOENT);
-
- uid = getuid();
- if (seteuid(pwd->pw_uid))
- return (-1);
-
- if ((retval =
- krb5_rd_cred(context, auth_context, inbuf, &creds, NULL)) != 0)
- return (retval);
-
- (void) snprintf(ccname, sizeof (ccname),
- "FILE:/tmp/krb5cc_%ld", pwd->pw_uid);
-
- if ((retval = krb5_cc_resolve(context, ccname, ccache)) != 0)
- goto cleanup;
-
- if ((retval = krb5_cc_initialize(context, *ccache,
- ticket->enc_part2->client)) != 0)
- goto cleanup;
-
- if ((retval = krb5_cc_store_cred(context, *ccache, *creds)) != 0)
- goto cleanup;
-
- if ((retval = krb5_cc_close(context, *ccache)) != 0)
- goto cleanup;
-
-cleanup:
- (void) seteuid(uid);
- krb5_free_creds(context, *creds);
- return (retval);
-}
 
 /*
  * This routine is to initialize the desinbuf, desoutbuf and the session key
diff --git a/usr/src/cmd/cmd-inet/common/kcmd.h b/usr/src/cmd/cmd-inet/common/kcmd.h
index a497d1b097..b6bc8e9154 100644
--- a/usr/src/cmd/cmd-inet/common/kcmd.h
+++ b/usr/src/cmd/cmd-inet/common/kcmd.h
@@ -2,9 +2,8 @@ * CDDL HEADER START * * The contents of this file are subject to the terms of the - * Common Development and Distribution License, Version 1.0 only - * (the "License"). You may not use this file except in compliance - * with the License. + * Common Development and Distribution License (the "License"). + * You may not use this file except in compliance with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. @@ -19,8 +18,9 @@ * * CDDL HEADER END */ + /* - * Copyright 2002 Sun Microsystems, Inc. All rights reserved. + * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -102,13 +102,6 @@ int kcmd(int *sock, char **ahost, ushort_t rport, char *locuser, krb5_flags authopts, int anyport, enum kcmd_proto *kcmd_proto); -krb5_error_code rd_and_store_for_creds(krb5_context context, - krb5_auth_context auth_context, - krb5_data *inbuf, - krb5_ticket *ticket, - char *lusername, - krb5_ccache *ccache); - void init_encrypt(int, krb5_context, enum kcmd_proto, krb5_data *, krb5_data *, int, krb5_encrypt_block *); diff --git a/usr/src/cmd/cmd-inet/common/store_forw_creds.c b/usr/src/cmd/cmd-inet/common/store_forw_creds.c new file mode 100644 index 0000000000..2b5d7988b3 --- /dev/null +++ b/usr/src/cmd/cmd-inet/common/store_forw_creds.c 
@@ -0,0 +1,106 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+
+#include <pwd.h>
+#include <locale.h>
+#include <syslog.h>
+#include <errno.h>
+#include <com_err.h>
+#include <k5-int.h>
+
+extern uint_t kwarn_add_warning(char *, int);
+extern uint_t kwarn_del_warning(char *);
+
+/*
+ * Store the forwarded creds in the user's local ccache and register
+ * w/ktkt_warnd(1M).
+ */
+krb5_error_code
+store_forw_creds(krb5_context context,
+ krb5_creds **creds,
+ krb5_ticket *ticket,
+ char *lusername,
+ krb5_ccache *ccache)
+{
+ krb5_error_code retval;
+ char ccname[MAXPATHLEN];
+ struct passwd *pwd;
+ uid_t uid;
+ char *client_name = NULL;
+
+ *ccache = NULL;
+ if (!(pwd = getpwnam(lusername)))
+ return (ENOENT);
+
+ uid = getuid();
+ if (seteuid(pwd->pw_uid))
+ return (-1);
+
+ (void) snprintf(ccname, sizeof (ccname), "FILE:/tmp/krb5cc_%ld",
+ pwd->pw_uid);
+
+ if ((retval = krb5_cc_resolve(context, ccname, ccache)) != 0) {
+ krb5_set_error_message(context, retval,
+ gettext("failed to resolve cred cache %s"), ccname);
+ goto cleanup;
+ }
+
+ if ((retval = krb5_cc_initialize(context, *ccache,
+ ticket->enc_part2->client)) != 0) {
+ krb5_set_error_message(context, retval,
+ gettext("failed to initialize cred cache %s"), ccname);
+ goto cleanup;
+ }
+
+ if ((retval = krb5_cc_store_cred(context, *ccache, *creds)) != 0) {
+ krb5_set_error_message(context, retval,
+ gettext("failed to store cred in cache %s"), ccname);
+ goto cleanup;
+ }
+
+ if ((retval = krb5_cc_close(context, *ccache)) != 0)
+ goto cleanup;
+
+ /* Register with ktkt_warnd(1M) */
+ if ((retval = krb5_unparse_name(context, (*creds)->client,
+ &client_name)) != 0)
+ goto cleanup;
+ (void) kwarn_del_warning(client_name);
+ if (kwarn_add_warning(client_name, (*creds)->times.endtime) != 0) {
+ syslog(LOG_AUTH|LOG_NOTICE,
+ "store_forw_creds: kwarn_add_warning"
+ " failed: ktkt_warnd(1M) down? ");
+ }
+ free(client_name);
+ client_name = NULL;
+
+cleanup:
+ (void) seteuid(uid);
+
+ return (retval);
+}
diff --git a/usr/src/cmd/cmd-inet/common/store_forw_creds.h b/usr/src/cmd/cmd-inet/common/store_forw_creds.h
new file mode 100644
index 0000000000..6aa40ebee9
--- /dev/null
+++ b/usr/src/cmd/cmd-inet/common/store_forw_creds.h
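Review bot: In `store_forw_creds` (store_forw_creds.c) the success path passes `*ccache` to `krb5_cc_close` and then returns with the out-parameter still holding that closed handle, while the `krb5_cc_initialize` and `krb5_cc_store_cred` failure paths reach `cleanup:` with the resolved handle neither closed nor cleared. Callers are not visible in this commit, but any that treat a non-NULL `*ccache` as usable would touch a released cache handle, and the error paths appear to leak one. I would clear the pointer as soon as the close has been attempted and release it under `cleanup:` on failure, while the effective uid is still the user's, as sketched below. The block comment should also state that the caller keeps ownership of `creds` (the removed `rd_and_store_for_creds` called `krb5_free_creds` itself) and that only the first entry, `*creds`, is stored.

```c
	/* … unchanged: getpwnam, seteuid, resolve / initialize / store … */

	retval = krb5_cc_close(context, *ccache);
	*ccache = NULL;		/* never hand a closed handle back */
	if (retval != 0)
		goto cleanup;

	/* … unchanged: ktkt_warnd(1M) registration … */

cleanup:
	if (retval != 0 && *ccache != NULL) {
		(void) krb5_cc_close(context, *ccache);
		*ccache = NULL;
	}
	(void) seteuid(uid);
```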
@@ -0,0 +1,48 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef _STORE_FORW_CREDS_H
+#define _STORE_FORW_CREDS_H
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+krb5_error_code store_forw_creds(krb5_context context,
+ krb5_creds **creds,
+ krb5_ticket *ticket,
+ char *lusername,
+ krb5_ccache *ccache);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _STORE_FORW_CREDS_H */ |
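Review bot: store_forw_creds.h declares a prototype built from `krb5_error_code`, `krb5_context`, `krb5_creds`, `krb5_ticket` and `krb5_ccache` but includes no header that defines them, so it only compiles when the including file happens to pull in the krb5 headers first. Including the krb5 header inside the guard (the .c file in this commit uses `<k5-int.h>`) would make it self-contained. The include list of store_forw_creds.c in this commit also does not name `store_forw_creds.h`, so the compiler never checks the definition against this prototype; adding `#include "store_forw_creds.h"` there would catch a signature drift. A one-line comment above the prototype stating that the caller owns `creds` would help the daemons that call it.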
